/src/core/parameters.lisp

1 2(in-package:oauth) 3 4(export'(parametersort-parametersnormalized-parameters)) 5 6;; the cache allows us to call NORMALIZED-PARAMETERS repeatedly 7;; without excessive processing penalty. 8(defvar*parameters-cache*(tg:make-weak-hash-table:test#'eq:weakness:key) 9"Per-request cache for parameters in OAuth requests.")1011(defvar*signature-cache*(tg:make-weak-hash-table:test#'eq:weakness:key)12;; this is much more simple than maintaining multiple caches13;; for different parameter list flavors.14"Per-request cache for signatures in OAuth requests.")1516(defunsort-parameters(parameters)17"Sort PARAMETERS according to the OAuth spec. This is a destructive operation."18(assert(not(assoc"oauth_signature"parameters:test#'equal)))19(sortparameters#'string<:key(lambda(x)20"Sort by key and value."21(concatenate'string(princ-to-string(carx))22(princ-to-string(cdrx))))))2324(defunnormalized-parameters(&keyremove-duplicates-p)25"Collect request parameters and remove those excluded by the standard. See 9.1.1.
26 Note: REMOVE-DUPLICATES-P has no effect right now."27(declare(ignorableremove-duplicates-p))28(or(gethash(request)*parameters-cache*)29(let((parameters(append(remove"realm"(auth-parameters)30:key#'car:test#'equalp); TODO: http auth header parameters31(post-parameters)32(get-parameters))))33;; save the signature, we might need it later34(setf(gethash(request)*signature-cache*)35(cdr(assoc"oauth_signature"parameters:test#'equal)))36(let*((parameters(remove"oauth_signature"parameters37:key#'car:test#'equal))38(sorted-parameters(sort-parametersparameters)))39(setf(gethash(request)*parameters-cache*)sorted-parameters)40sorted-parameters41#+(or); disabled for now because it makes caching slightly more complex.42; we just don't support elimination of duplicates right now.43(ifremove-duplicates-p44(remove-duplicatessorted-parameters:key#'car:test#'string-equal:from-endt)45sorted-parameters)))))4647(defunparameter(name&key(test#'equal))48"Note: OAuth parameters are case-sensitive per section 5.
49 The case of user-supplied parameters is not restricted."50(cdr(assocname(normalized-parameters):testtest)))5152(defunoauth-parameter-p(parameter)53"Return T if PARAMETER starts with \"oauth_\". PARAMETER is a
54string denoting the parameter name."55(equal56(subseq(car(ensure-listparameter))0(min6(lengthparameter)))57"oauth_"))5859(defunremove-oauth-parameters(parameters)60(remove-if#'oauth-parameter-pparameters:key#'car))61